Humans are the weakest link in the digital war

I recently presented at an ANZ Telco & Technology event in Hong Kong, sharing the forum with an extraordinary and diverse panel of experts about what the next phase of the digital revolution will bring.

" This will be a digital war and humans remain the weakest link – meaning training and education are critical."
Guy Boyd, Global Head of Financial Crime, ANZ

Paul Scanlan, President of Business & Network Consulting at Huawei Technologies, gave us an amazing vision of a future of smart cities, driverless cars, feeling robots – and spanners printed in 3D which are recycled after use, thereby radically changing the need for the mining of raw materials, manufacturing of steel, distribution to stores and retail sales.

But General Michael Hayden, a former director of the Central Intelligence Agency and former director of the National Security Agency, currently a principal at the Chertoff Group and a distinguished visiting professor at the George Mason University School of Public Policy, put the spotlight on a new realm of cybersecurity.

There is no doubt the risk of cybercrime is profound. In the financial services industry it is fundamental to system security. 

This risk falls into three key cohorts: state sponsored, criminals and random. Major companies including banks are at risk from all three but more typically the criminals who are, after all, after the money.

MANAGING RISK

Criminals will typically seek to breach cybersecurity to obtain financially valuable information (for example internet banking credentials or customer identifiers) to then use this information to perpetrate theft.

To counter this threat, teams within corporates need to work together on managing these risks – a siloed approach, where the different parts of the business don’t coordinate or even counter-act, will increase the risk, often by leaving gaps in the response.

Investment and expertise is required to combat these risks – but critically this will be ongoing and not “set and forget”. The threats are dynamic, constantly shifting, evolving with technology just as legitimate uses of the digital realm evolve. Combatting risk then must be just as nimble.

Moreover, government and companies need to work together to combat these risks by sharing threat intelligence and responding to incidents. Silos isolating these crucial players will increase the risk.

There is one fundamental mindset which may indeed require a cultural leap: it is necessary to accept a security breach is inevitable and defences need to be built on the basis that a breach will occur. It must be detected ASAP so as to counter it and mitigate the damage that can be caused.

Customer awareness is another key area of focus for banks – helping our customers avoid the scams, identity theft and malware threats to their digital banking.

One emerging area where risk is underappreciated for the financial services sector is in credit. Decisions around credit risk should look closely at cybersecurity risk – poor cybersecurity by a borrower may lead to a credit loss for the bank.

I think another mindset change which may prove a challenge is to accept you may not be the most secure custodian of crucial data. Cloud services may offer more or complementary security for businesses without scale or expertise to maintain own security.

As the digital age, with ever increasing speed, reshapes the way we live and do business, society needs to have a more open discussion on the balance between privacy and security in the digital age. There is no right and wrong answer to this conundrum and attitudes to the trade-off vary not just between societies and individuals but over time.

We can’t expect governments to solve these challenges for business – they are generally too slow to act. Governments will, however, have a role to play in supporting a safer business and consumer environment by enabling use of technologies such as verifiable biometrics for consumers.

Guy Boyd is global head of financial crime at ANZ.